January 8, 2018 (updated 09 Jan 2018 4:32pm)

McAfee spots hacking campaign targeting 2018 Winter Olympics

Due to the significant tension between South and North Korea, in addition to political tensions with the NKDP and other nations globally, the event is highly sensitive and likely to face more cyberattacks.

By Tom Ball

Cybersecurity provider McAfee has discovered a malicious campaign targeting organisations associated with the 2018 Winter Olympic Games in Pyeongchang, South Korea.

Delivered as a Microsoft Word document in an email, the fileless malware attack was aimed at icehockey@pyeongchang2018.com, while a number of other organisations, predominantly associated with the upcoming Olympics, were included in the BCC field of the email.

This is not the first sign of the malicious campaign, with other related actions having been noted on the 22nd of December 2017 and on the 28th. In these previous instances the attackers had loaded the malicious document with a hypertext application (HTA) file before using an image to hide it.

In this most recent case, the attackers acted under the guise of counter-terrorism operatives, coinciding with actual anti-terror drills relating to the event.

Analysis from a McAfee report on the document said: “The malicious document was submitted from South Korea to Virus Total on December 29 at 09:04, a day after the original email was sent to the target list. The email was sent from the IP address 43.249.39.152, in Singapore, on December 28 at 23:34. The attacker spoofed the message to appear to be from info@nctc.go.kr, which is the National Counter-Terrorism Center (NCTC) in South Korea.”

Peter Carlisle, VP EMEA, Thales eSecurity, said: “Global gatherings such as the Olympics that see world leaders, businesses and governmental organisations converge on one location are a naturally attractive target for digital criminal activity. Notably, it is becoming increasingly likely that multiple attempts will be made to obtain sensitive information like passwords.”

South Korea has previously been the target of cyberattacks thought to have originated in North Korea, and the event is being viewed globally as a test of the relationship between the countries.

“Based on our analysis of the email header, this message did not come from NCTC, rather from the attacker’s IP address in Singapore. The message was sent from a Postfix email server and originated from the hostname ospf1-apac-sg.stickyadstv.com. When the user opens the document, text in Korean tells the victim to enable content to allow the document to be opened in their version of Word,” McAfee said in the report.
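
An added example, not taken from McAfee's report or from the original article: a Python sketch of the header check the report describes, comparing the domain in the From address with the host recorded in the earliest Received header. The sample message is constructed; only the sender address, IP address and hostname come from the quoted report, and the recipient names, date and IDs are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message. Only the From address, the IP address and the
# hostname come from the quoted report; every other value is invented.
SAMPLE = """\
Received: from ospf1-apac-sg.stickyadstv.com (ospf1-apac-sg.stickyadstv.com [43.249.39.152])
\tby mx.recipient.example (Postfix) with ESMTP id CONSTRUCTED1
\tfor <user@recipient.example>; Thu, 28 Dec 2017 00:00:00 +0000
From: info@nctc.go.kr
To: user@recipient.example
Subject: constructed sample
Message-ID: <constructed-1@example.invalid>

body
"""

# Postfix-style trace: "from HELO (RDNS [IP])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def earliest_hop(msg):
    """Return (host, ip) from the oldest Received header that parses."""
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(str(hdr).split()))
        if m:
            rdns = m.group("rdns")
            host = rdns if rdns and rdns != "unknown" else m.group("helo")
            return host.lower().rstrip("."), m.group("ip")
    return None, None

def check_origin(raw):
    """Compare the From domain with the host that handed the message over."""
    msg = message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1]
    from_domain = addr.rpartition("@")[2].lower()
    host, ip = earliest_hop(msg)
    aligned = bool(host and from_domain) and (
        host == from_domain or host.endswith("." + from_domain))
    return {"from_domain": from_domain, "origin_host": host,
            "origin_ip": ip, "mismatch": not aligned}

if __name__ == "__main__":
    print(check_origin(SAMPLE))
```

Received headers written before a message reaches your own mail gateway can be forged, so in production anchor this comparison on the hop your own MX recorded and treat it as a triage signal alongside SPF, DKIM and DMARC results.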
